Privacy Policy
At The Keep Clinic, we protect your privacy and take our responsibilities under data protection legislation seriously.
User Provided Information
Personal information provided to The Keep Clinic by you will only be used for the purposes stated when the information is requested, such as creating a self-referral. Information received by external referrers, such as your GP or another healthcare professional, related to you will be treated similarly.
The personal data we collect includes
-
Personal details such as full name, date of birth, gender, marital status, ethnicity
-
Address and contact details including e-mail address and phone numbers
-
Emergency contact details and next of kin
-
National Health Number
-
Details of other healthcare professionals involved in your care
-
Financial information as part of our billing system
-
Details of your private medical insurance
We also collect details related to your medical care such as
-
Details about your current and past medical and mental health history including treatments by other clinicians
-
Medical records of past treatments and investigations
-
Imaging such as ultrasound, x-ray and MRI reports, images and videos
We also collect information directly from you through our Patient Reported Outcome Measures (PROMS) questionnaires.
Please be assured that personal information will not be sold to third parties, or provided to direct marketing companies or other such organisations without your express permission. Personal information collected and/or processed by The Keep Clinic is held in accordance with the provisions of the General Data Protection Regulation (GDPR) 2018.
How we store information collected
​
Information which you provide to us will be stored either on our secure servers or our Medical Management System, whose servers are hosted in London who complies with all EU privacy regulations including GDPR. Personal data is kept as long as necessary to comply with legal and regulatory requirements in line with the Information Governance Alliance Records Management Code of Practice for Health and Social Care 2016.
Information security
We work hard to protect The Keep Clinic, our systems and our users from unauthorised access to or unauthorised alteration, disclosure or destruction of information that we hold. In particular:
-
We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems and data.
-
We restrict access to personal information to The Keep employees, contractors and agents who need to know that information in order to process it for us and who are subject to strict contractual confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
-
We encrypt any sensitive data that needs to be provided outside of The Keep for both agents and patients.
Accessing and updating your personal information
The General Data Protection Regulation 2018 gives you the right to access information held about you. We aim to provide you with access to your personal information. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate – unless we have to keep that information for legitimate business or legal purposes.
To do so, please contact our Data Protection Officer using email: bethan@mskdoctors.com
Use of Personal Data
​
Personal data will be used for the following
-
Arranging appointments, investigations, procedures and surgery
-
Ensuring that you are receiving the appropriate care
-
In response to queries, complaints and concerns
-
Quality assurance by evaluating your treatment and outcomes
-
Processing invoices and payment
-
Disclosure to another healthcare professional for further treatment e.g. physiotherapy or to the referring clinician
Legal Disclosure
Please note: we may be legally obliged to disclose your personal information to third parties if we are under a duty to disclose or share such information as necessary in order to prevent and detect crime, protect public funds and make sure the personal information is accurate. These third parties include government departments, local authorities and some private sector organisations, but this will only be in the exceptional circumstances listed above.
Compliance and cooperation with regulatory authorities
We regularly review our compliance with our Privacy Policy. We also adhere to national data protection regulations. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
Making a Complaint
​
If you are unhappy with the way we have dealt with a request from you with regards to GDPR or if you think we have not complied with our legal obligations, you can make a complaint to the Information Commissioner’s Office (ICO). We would appreciate you informing the Data Protection Officer of the issue and allowing them to address the complaint before contacting the ICO. Making a complaint will not affect any other legal right. More information can be found on the ICO website: www.ico.org.uk
Contact Details for the ICO:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Email: casework@ico.org.uk
Telephone: 0303123113 or 01625457549